How to stop hackers once they're in: CyberArk CEO

Sony hack smells like vandalism: Expert
Sony hack smells like vandalism: Expert   

Companies around the world are at risk because they have not invested sufficiently in cybersecurity measures that could block hackers from obtaining sensitive information once they break into corporate systems, the CEO of CyberArk told CNBC on Monday.

Sony has faced criticism for failing to establish adequate security measures to prevent hackers from accessing a trove of emails and intellectual property. But the entertainment company is not a special case, Udi Mokady said.

"Organizations have been focused on perimeter security. That's what they bet on, on 'How do we keep the bad guys out?' That was the focus of the security practice, and not about what happens when the attackers do get in," he said in a "Squawk Box" interview.

Read More How to hit back at North Korea for Sony cyberattack

Israel-based CyberArk focuses on building a layer of security to prevent hackers from moving around laterally within a company's system once a breach occurs. The firm reports that 86 percent of big companies are unaware of or underestimate attacks on privileged accounts.

Mokady said the tide is beginning to turn, and corporate boards are now doing more than just erecting a firewall.

"As a matter of looking into the future, the pendulum has swung toward the bad guys because of many years of neglect, but it doesn't mean all gloom and doom. With proper investments they can make it very hard for them to cause this kind of damage that happened to Sony," he said.

North Korea has threatened to attack the United States if the U.S. government responds to the north Asian country's alleged hacking of Sony Pictures.

President Barack Obama over the weekend said he is weighing whether to put North Korea back on a list of state sponsors of terrorism. He said the Sony hack was not an "act of war," but a case of "cybervandalism."

Read MoreFBI: North Korean gov't responsible for Sony hack

Sony told Re/code it has not decided how to release "The Interview" after the New York Post reported the studio would debut the film on its streaming video service, Crackle. A number of theater chains said they would not screen the film, and no major video-on-demand operators have committed to streaming it.

David Bank, a broadcasting and media analyst at RBC Capital Markets, told "Squawk Box" the fallout from the cyberattack will not have huge financial ramifications because "The Interview" was not very expensive to make.

"This is a $40 million budget movie. This isn't like 'Avatar' or something," he said.